Tips for providing low-cost security training
Computerworld - At the height of the recession, Providence Health & Services in Seattle whacked its IT training budget by a hefty 65%. That meant conferences and most tuition-based classroom training were out of the question. So Eric Cowperthwaite, the health service provider's chief information security officer, started looking for alternate ways to provide his staff with ongoing education.
He approached officials at a local security company and offered to pay them a small amount to jointly develop training modules he could then deliver to his staff himself. What he got was a customized course on risk management methodologies and risk analysis skills.
The payback: "I was able to demonstrate to employees that I was still committed to their growth and development," Cowperthwaite said. "While I may not be able to let them go to a conference in Orlando, I'm still able to invest in my people. That was what was most critical: to show people that we were still willing to invest in them."
Cowperthwaite said he also visits with local FBI and Secret Service agents working in Seattle, Los Angeles, Portland and San Francisco -- cities where Providence Health has offices.
"Someday, something bad is going to happen to your company. A laptop may get stolen or data gets stolen or a virus gets inserted into your network. Before you ever get to that point, go find the local FBI or Secret Service office, or even your local chief of police, and invite them to lunch and get to know them," Cowperthwaite advised.
The payoff is that if and when you're faced with a security crisis, you'll have allies you can turn to. You'll also get tips on how to help law enforcement authorities solve your case, Cowperthwaite said.
He cited a time when he worked with the Secret Service on some problems with malicious software. "What they wanted from us were forensically clean versions of the computers involved," Cowperthwaite said, and knowing that upfront meant the incident could be resolved quickly.
Read more about Security in Computerworld's Security Topic Center.
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Surescripts Case Study- Securing Keys and Certificates Surescripts implemented Venafi's Trust Protection Platform™ to secure digital keys and certificates, ensure the privacy and confidentiality of electronic clinical information for its...
- Ponemon 2014 SSH Security Vulnerability Report According to research by the Ponemon Institute, 3 out of 4 enterprises have no security controls in place for SSH which leaves organizations...
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities.
- Deep Dive into Advanced Networking and Security with Hybrid Cloud Security and networking are among the top concerns when moving workloads to the cloud. VMware vCloud® Hybrid Service™ enables you to extend your... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!